Tips To Enhance Joomla Sites Security-synnex

To tackle the increasing security hassles Joomla developers keep tweaking the site and the service in different ways to ensure the optimal configuration is obtained which can withstand any level of threats to the security. The following are some tips to the users and other Joomla developers for ensuring that the site they are developing or using is secure. Proper Hosting Environment For all site the platform in which the site is built is the basic foundation and it is always important to check if it is properly configured. There are numerous kinds of attacks that happen to sites hosted in a platform which has no tweaked its security and the arrangements are not done efficiently. Host your site on a server that runs PHP in CGI mode with su_php. This means that PHP runs under your own account user instead of the global Apache user and you dont need to set insecure global permissions like CHMOD of 777. a. Set register_globals OFF b. Disable allow_url_fopen c. Adjust the magic_quotes_gpc directive as needed for your site. The re.mended setting for Joomla! 1.0. X is ON to protect against poorly-written extensions. Joomla! 1.5 ignores this setting and works fine either way. d. Dont use PHP safe_mode Change the Default Database Prefix (jos_) Every database is named in a default way and the names and extensions they are given are rather .mon. Due to this bots and other automated entities find it simple to attack the database by random ruling. To avoid this the during installation the default database prefix could be altered to something random rather than using the same default name of jos_users table which will prevent most of the SQL injection attacks as hackers try to retrieve superadmin details. Disable FTP Layer FTP details are stored in the form of plain text under a Joomla configuration file. This be.es a potential security hole. To avoid this glitch it is re.mended to all users, Joomla developers and Joomla programmers to disable the FTP layer. Change Superadministrator Username Bots and other hazards which try to attack a site are programmed in such a way that if the superadministrators username assigned by the Joomla developers has not been changed and remains to be Admin, it will easily get access to the site. To avoid this it is always wise to change the username and password of the superadministrator to something inconspicuous like ted_123 etc. Setup a backup and recovery process Joomla developers are notified to rely on a strong backup and recovery protocol for your live website. Its not just hacking that may .promise your website but other factors like a faulty upgrade or extension install, hardware failure, hosting provider issues. You can use JoomlaPack, a non-.mercial .ponent native for both Joomla 1.0 and 1.5 for backup. Use Strong Password For administrator accounts it is advisable to use a strong password which cannot be deciphered by automated bots. Characteristics of a strong password that Joomla developers have to keep in mind are as follows: has at least 15 characters; has uppercase letters; has lowercase letters; has numbers; has symbols, such as ‘ ! " ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | \ < , > . ? / is not like your previous passwords; is not your name; is not your login; is not your friends name; is not your family members name; is not a dictionary word; is not a .mon name. A good addition is to password protect the administrator folder. In apache web server, you can do this htaccess file or in cpanel, you can use Password Protected Directory option to setup a password. This will add another layer of username/password before someone reaches your Joomla admin details. Needless to say, have this password different from Joomla admin password. About the Author: 相关的主题文章：